From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 06 Nov 2008 10:06:46 -0500
Subject: [refpolicy] dbus, inotify
In-Reply-To: <48DB87CD.1090406@martinorr.name>
References: <48DB87CD.1090406@martinorr.name>
Message-ID: <1225984006.12285.11.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thu, 2008-09-25 at 13:45 +0100, Martin Orr wrote:
> Let *_dbusd_t list inotifyfs.
> 
> Aug 20 12:23:52 caligula kernel: type=1400 audit(1219231432.671:4): avc:
> denied  { read } for  pid=2646 comm="dbus-daemon" path="inotify"
> dev=inotifyfs ino=1 scontext=system_u:system_r:system_dbusd_t:s0
> tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

Merged.

> Index: policy/modules/services/dbus.if
> ===================================================================
> --- policy/modules/services/dbus.if.orig
> +++ policy/modules/services/dbus.if
> @@ -139,6 +139,7 @@
> 
>  	fs_getattr_romfs($1_dbusd_t)
>  	fs_getattr_xattr_fs($1_dbusd_t)
> +	fs_list_inotifyfs($1_dbusd_t)
> 
>  	selinux_get_fs_mount($1_dbusd_t)
>  	selinux_validate_context($1_dbusd_t)
> 
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150